CyberSecurity Updates

10 Jan

Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches

Information

by Paul Ducklin As far as we can tell, there are a whopping 2874 items in this month’s Patch Tuesday update list from Microsoft, based on the CSV download we just grabbed from Redmond’s Security Update Guide web page. (The website itself says 2283, but the CSV export contained 2875 lines, where the first line isn’t actually a data record but a list of the various field names for the rest of the lines in…

Read More
10 Jan

Data leak exposes information of 10,000 French social security beneficiaries

Data Breaches, Malware, Social Engineering

[Editor’s note: This article originally appeared on the Le Monde Informatique website.] More than 10,000 beneficiaries of a local branch of the French social security agency CAF, or Family Allowance Fund, saw their data exposed for about 18 months, after a file containing personal information was sent to a service provider. The mistake, discovered by France Info — Radio France’s news and investigation service — just before the year-end holidays, could hit the CAF hard.…

Read More
10 Jan

Microsoft Patch Tuesday, January 2023 Edition

Information, Insights

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection. At least 11 of the patches released today are rated “Critical” by Microsoft, meaning they…

Read More
10 Jan

Adobe Releases Security Updates for Multiple Products

Attacks, Insights, Malware

Original release date: January 10, 2023 Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Adobe Acrobat and Reader APSB23-01 Adobe InDesign APSB23-07 Adobe InCopy APSB23-08 Adobe Dimension APSB23-10 This product is provided subject to this Notification and this Privacy…

Read More
10 Jan

Microsoft Releases January 2023 Security Updates

Attacks, Insights, Malware

Original release date: January 10, 2023 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s January 2023 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
10 Jan

Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day

Information, Malware, News

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox. The zero-day, flagged by researchers at anti-malware company Avast, was exploited in live attacks to elevate privileges and escape a browser’s sandbox mitigation. As has become customary, Microsoft is stingy with details on the vulnerability or the attacks.  An advisory from Redmond marks…

Read More
10 Jan

Cybercriminals are using ChatGPT to create malware

Attacks, Data Breaches

Malicious actors have been using artificial intelligence (AI)-powered chatbots like OpenAI’s ChatGPT to build malware, dark web sites and other tools for enacting cyber attacks, reserach by threat intelligence company Check Point Research has found.  When asked by Cyber Security Hub, cyber security experts predicted that a top threat to cyber security in 2023 would be crime-as-a-service; platforms where malicious actors can offer their services to those who would otherwise be unable to carry out…

Read More
10 Jan

Intel boosts VM security, guards against stack attacks in new Xeon release

Data Breaches, Malware, Social Engineering

Intel today announced the rollout of the fourth generation of its Xeon family of server chipsets, detailing several new features under the company’s confidential computing umbrella of security features. Improvements to Intel’s trusted execution environment and a new technique for combatting jump- and return-oriented programming attacks were the most notable upgrades. Xeon’s fourth generation introduces a number of new features across the board, including marked improvements to energy efficiency, AI processing, and edge workload handling,…

Read More
10 Jan

Kinsing Malware Attacking Vulnerable PostgreSQL Kubernetes Containers

Attacks, Malware

Companies can mitigate attacks like this by using the latest versions of container images to ensure the images are adequately patched. Some of the vulnerabilities being exploited are over two years old, with the associated patches released for nearly as long. Moreover, engineers and administrators can check vendor guides for recommended security settings to harden deployments. Administrators can restrict public access to containers to the bare minimum appropriate to an organization’s risk management framework. In…

Read More
10 Jan

20+ Vulnerabilities Patched In New Ubuntu Kernel Security Update

Attacks, Malware

All users of Ubuntu are urged to update as soon as possible. To update, the following command can be used:sudo apt update && sudo apt full-upgradeBelow are the patched kernel versions for each Ubuntu version: • Ubuntu 22.10◦ linux-image 5.19.0.28.25• Ubuntu 22.04 LTS◦ linux-image 5.15.0-57.63• Ubuntu 20.04 LTS◦ linux-image 5.15.0-57.63~20.04.1◦ linux-image 5.4.0.136.134• Ubuntu 18.04 LTS◦ linux-image 5.4.0.136.153~18.04.111◦ linux-image 4.15.0.201.184 Ubuntu Users Get Massive Kernel Security Updates, More Than 20 Vulnerabilities Patched

Read More